draft-ietf-httpauth-digest-16.txt   draft-ietf-httpauth-digest-17.txt 
HTTPAuth R. Shekh-Yusef, Ed. HTTPAuth R. Shekh-Yusef, Ed.
Internet-Draft Avaya Internet-Draft Avaya
Obsoletes: 2617 (if approved) D. Ahrens Obsoletes: 2617 (if approved) D. Ahrens
Intended status: Standards Track Independent Intended status: Standards Track Independent
Expires: October 5, 2015 S. Bremer Expires: October 9, 2015 S. Bremer
Netzkonform Netzkonform
April 3, 2015 April 7, 2015
HTTP Digest Access Authentication HTTP Digest Access Authentication
draft-ietf-httpauth-digest-16 draft-ietf-httpauth-digest-17
Abstract Abstract
HTTP provides a simple challenge-response authentication mechanism HTTP provides a simple challenge-response authentication mechanism
that may be used by a server to challenge a client request and by a that may be used by a server to challenge a client request and by a
client to provide authentication information. This document defines client to provide authentication information. This document defines
the HTTP Digest Authentication scheme that can be used with the HTTP the HTTP Digest Authentication scheme that can be used with the HTTP
authentication mechanism. authentication mechanism.
Editorial Note (To be removed by RFC Editor before publication) Editorial Note (To be removed by RFC Editor before publication)
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 5, 2015. This Internet-Draft will expire on October 9, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 26, line 29 skipping to change at page 26, line 29
The bottom line is that *any* compliant implementation will be The bottom line is that *any* compliant implementation will be
relatively weak by cryptographic standards, but *any* compliant relatively weak by cryptographic standards, but *any* compliant
implementation will be far superior to Basic Authentication. implementation will be far superior to Basic Authentication.
6. IANA Considerations 6. IANA Considerations
6.1. Hash Algorithms for HTTP Digest Authentication 6.1. Hash Algorithms for HTTP Digest Authentication
This specification creates a new IANA registry named "Hash Algorithms This specification creates a new IANA registry named "Hash Algorithms
for HTTP Digest Authentication". This registry lists the hash for HTTP Digest Authentication" under the existing "Hypertext
algorithms that can be used in HTTP Digest Authentication. When Transfer Protocol (HTTP) Digest Algorithm Values" category. This
registering a new hash algorithm, the following information MUST be registry lists the hash algorithms that can be used in HTTP Digest
provided: Authentication.
When registering a new hash algorithm, the following information MUST
be provided:
Hash Algorithm Hash Algorithm
The textual name of the hash algorithm. The textual name of the hash algorithm.
Digest Size Digest Size
The size of the algorithm's output in bits. The size of the algorithm's output in bits.
Reference Reference
skipping to change at page 27, line 16 skipping to change at page 27, line 16
| Hash Algorithm | Digest Size | Reference | | Hash Algorithm | Digest Size | Reference |
+----------------+-------------+-----------+ +----------------+-------------+-----------+
| "MD5" | 128 | RFC XXXX | | "MD5" | 128 | RFC XXXX |
| "SHA-512-256" | 256 | RFC XXXX | | "SHA-512-256" | 256 | RFC XXXX |
| "SHA-256" | 256 | RFC XXXX | | "SHA-256" | 256 | RFC XXXX |
+----------------+-------------+-----------+ +----------------+-------------+-----------+
Each one of the algorithms defined in the registry might have a -sess Each one of the algorithms defined in the registry might have a -sess
variant, e.g. MD5-sess, SHA-256-sess, etc. variant, e.g. MD5-sess, SHA-256-sess, etc.
To clarify the purpose of the existing "HTTP Digest Algorithm Values"
registry and to avoid confusion between the two registries, IANA is
asked to add the following description to the existing "HTTP Digest
Algorithm Values" registry:
This registry lists the algorithms that can be used when creating
digests of an HTTP message body, as specified in RFC 3230.
6.2. Digest Scheme Registration 6.2. Digest Scheme Registration
This specification updates the Digest scheme in Hypertext Transfer This specification updates the Digest scheme in Hypertext Transfer
Protocol (HTTP) Authentication Scheme Registry. Protocol (HTTP) Authentication Scheme Registry.
Authentication Scheme Name: Digest Authentication Scheme Name: Digest
Pointer to specification text: this specification Pointer to specification text: this specification
7. Acknowledgments 7. Acknowledgments
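Review bot: The paragraph added after the -sess sentence refers to the existing "HTTP Digest Algorithm Values" registry, while the sentence added at the top of section 6.1 places the new registry under the existing "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values" category. Use one name and one term (category or registry) in both places so IANA can tell that the same object is meant. It would also help to set the requested description ("This registry lists the algorithms that can be used when creating digests of an HTTP message body, as specified in RFC 3230.") in quotation marks, so the exact text IANA is asked to add is unambiguous.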
skipping to change at page 27, line 39 skipping to change at page 27, line 47
to provide a complete description of the digest scheme and its to provide a complete description of the digest scheme and its
operations. operations.
Special thanks to Julian Reschke for his many reviews, comments, Special thanks to Julian Reschke for his many reviews, comments,
suggestions, and text provided to various areas in this document. suggestions, and text provided to various areas in this document.
The authors would like to thank Stephen Farrell, Yoav Nir, Phillip The authors would like to thank Stephen Farrell, Yoav Nir, Phillip
Hallam-Baker, Manu Sporny, Paul Hoffman, Yaron Sheffer, Sean Turner, Hallam-Baker, Manu Sporny, Paul Hoffman, Yaron Sheffer, Sean Turner,
Geoff Baskwill, Eric Cooper, Bjoern Hoehrmann, Martin Durst, Peter Geoff Baskwill, Eric Cooper, Bjoern Hoehrmann, Martin Durst, Peter
Saint-Andre, Michael Sweet, Daniel Stenberg, Brett Tate, Paul Leach, Saint-Andre, Michael Sweet, Daniel Stenberg, Brett Tate, Paul Leach,
Ilari Liusvaara, Gary Mort, Alexey Melnikov, and Benjamin Kaduk for Ilari Liusvaara, Gary Mort, Alexey Melnikov, Benjamin Kaduk, Kathleen
their careful review and comments. Moriarty, and Francis Dupont for their careful review and comments.
The authors would like to thank Jonathan Stoke, Nico Williams, Harry The authors would like to thank Jonathan Stoke, Nico Williams, Harry
Halpin, and Phil Hunt for their comments on the mailing list when Halpin, and Phil Hunt for their comments on the mailing list when
discussing various aspects of this document. discussing various aspects of this document.
The authors would like to thank Paul Kyzivat and Dale Worley for The authors would like to thank Paul Kyzivat and Dale Worley for
their careful review and feedback on some aspects of this document. their careful review and feedback on some aspects of this document.
The authors would like to thank Barry Leiba for his help with the The authors would like to thank Barry Leiba for his help with the
registry. registry.
skipping to change at page 30, line 20 skipping to change at page 30, line 20
SHA2-512/256 as a backup, and defines the proper algorithm SHA2-512/256 as a backup, and defines the proper algorithm
negotitation. The document keeps the MD5 algorithm support but negotitation. The document keeps the MD5 algorithm support but
only for backward compatibility. only for backward compatibility.
o Introduces the username hashing capability and the parameter o Introduces the username hashing capability and the parameter
associated with that, mainly for privacy reasons. associated with that, mainly for privacy reasons.
o Adds various internationalization considerations that impact the o Adds various internationalization considerations that impact the
A1 calculation and username and password encoding. A1 calculation and username and password encoding.
o Deprecates backward compatibility with RFC2069.
Authors' Addresses Authors' Addresses
Rifaat Shekh-Yusef (editor) Rifaat Shekh-Yusef (editor)
Avaya Avaya
250 Sidney Street 250 Sidney Street
Belleville, Ontario Belleville, Ontario
Canada Canada
Phone: +1-613-967-5267 Phone: +1-613-967-5267
EMail: rifaat.ietf@gmail.com EMail: rifaat.ietf@gmail.com
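Review bot: The new bullet "Deprecates backward compatibility with RFC2069" is the only place this diff mentions the deprecation. The other change blocks touch only dates, the IANA text and the acknowledgments, so confirm that the body of the document already states what is deprecated, and point the bullet at that section. As a style point, write "RFC 2069" with a space to match "RFC 3230" in section 6.1.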
 End of changes. 8 change blocks. 
10 lines changed or deleted 23 lines changed or added